Blog Posts Tagged with "Enterprise Risk Management"

The best way to effect culture “is to combine strong leadership with the existing internal elements of a healthy corporate culture... while it may take as long to create a good culture as it does to establish a good reputation, a strong set of values is usually harder to destroy unless the company is itself dismantled..."

Management sometimes assumes that once it has identified and summarized the top risks to the organization through a Strategic Risk Assessment, it has implemented ERM. This is simply not the case. Strategic Risk Assessment is an important component of ERM and usually a starting point, but not a final destination...

The past 24 months have seen a number of disasters bring risk management to the forefront of executives' and board directors' attention. Whether natural disasters such as the Japanese tsunami or man-made ones such as the Gulf of Mexico oil spill, fat-tail disasters have created a renewed interest in enterprise risk management...

Unlike the insurance industry, which helps companies manage risks through financial instruments, risk management attempts to avoid or at least control risk. The next time you hear the mindless prattle of “but we’ve always done it that way”, get some ideas on how to change your company’s compliance culture...

The CIO has become as important as the CEO. It's a pivotal position that often can make or break the success of a corporation. As criminal hackers have launched campaigns against numerous organizations, the CIO has become much more than an information officer: the CIO is now the guardian of corporate secrets...

With social networks transforming the rules of business engagement, many businesses think the biggest risk of social media is the brand and reputational damage that could result from negative interactions or the potential disclosure of proprietary or sensitive information...

Most IT organizations aren't equipped or supported to build a mature program. If our objective is to deliver an evidence-driven investment road map aligned with the business, it's OK to plan a phased approach and demonstrate value while the culture, process, and necessary resources gain momentum...

One cloud does not fit all. Your cloud should be customized to fit your business. I believe that if you're going to have a cloud strategy you need to have a pragmatic approach which has you doing your due diligence, proper risk analysis, and understanding your cloud vendor...

Failing with the support of a DevOps tribe can lead to a more resilient enterprise and ultimately better enterprise security. In the following few sections we're going to take a look at combining tools, processes and the tribe mentality to solve some otherwise ugly problems - and come out the other side...

Mobile devices are contributing to improved efficiency and are undoubtedly popular with employees, but they are also inherently vulnerable. To minimise the risks, organisations must develop specific mobile device management policies – and then enforce them...

The ABA Primer notes that an effective compliance program consists of documentation that an organization “exercise[s] due diligence to prevent and detect criminal conduct; and otherwise promote[s] an organizational culture that encourages ethical conduct and a commitment to compliance with the law”...

Resiliency speaks to core business needs much better than security ever could. Resiliency speaks to availability, incident response, business continuity and disaster recovery and security all rolled into one. Resiliency is a measure of preparedness against failure - a component of which is security...

Victims of business identity theft often do not find out about the crime until significant losses accumulate, or someone discovers discrepancies on the books. Because of the hidden nature of the transactions, businesses can lose vast amounts of money. Business identity theft can remain undetected for years...

Security engineers, analysts, and auditors are apt to use security policies or industry best practices as the foundation of their guidance rather than addressing business needs. While valid in their substance, these appeals to authority are perceived negatively...

It's harder to be accused of nefarious activities if you are completely above-board, show you're willing to be subject to appropriate limits, and make a point of relinquishing any powers you might have. Call it CYA, call it leading by example, whatever. It's ethically important...

A mature compliance program can be a great benefit for a company, not only in evaluating risk from the compliance perspective but also in preparing the necessary steps so that if a contract is awarded, it can be executed in an efficient manner. But it must have a seat at the table...